CVE-2010-0442
02.02.2010, 18:30
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
Vendor | Product | Version |
---|---|---|
postgresql | postgresql | 7.4 ≤ 𝑥 < 7.4.28 |
postgresql | postgresql | 8.0 ≤ 𝑥 < 8.0.24 |
postgresql | postgresql | 8.1 ≤ 𝑥 < 8.1.20 |
postgresql | postgresql | 8.2 ≤ 𝑥 < 8.2.16 |
postgresql | postgresql | 8.3 ≤ 𝑥 < 8.3.10 |
postgresql | postgresql | 8.4 ≤ 𝑥 < 8.4.3 |
𝑥 = Vulnerable software versions

Ubuntu Releases
Ubuntu Product |
---|
postgresql-7.4 |
postgresql-8.0 |
postgresql-8.1 |
postgresql-8.2 |
postgresql-8.3 |
postgresql-8.4 |